自定义过滤写法:
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.session.SessionException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.LogoutFilter;/*** * 重写退出过滤器,防止推出登录后,一直报找不到sessionId的异常错误* @author chen.kai* @date 2020年7月22日 下午11:20:12* */
public class DefaultLogoutFilter extends LogoutFilter {@Overrideprotected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {Subject subject = getSubject(request, response);String redirectUrl = getRedirectUrl(request, response, subject);try {//清空缓存subject.logout();} catch (SessionException e) {e.printStackTrace();}issueRedirect(request, response, redirectUrl);return false;}
}
ShiroConfig过滤器里面代码写法:
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.mgt.SecurityManager;
import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;/*** @author chen.kai* @date 2020年7月21日 上午10:04:58* */
@Configuration
public class ShiroConfig {//private final static Logger logger = LoggerFactory.getLogger(ShiroConfig.class);@Value("${spring.redis.host}")private String host;@Value("${spring.redis.port}")private int port;@Value("${spring.redis.password}")private String password;/*** 设置过滤器工厂* * @author chen.kai* @date 2020年7月21日 上午10:14:10* @param securityManager* @return*/@Beanpublic ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();factoryBean.setSecurityManager(securityManager);factoryBean.setLoginUrl("/manage/login");factoryBean.setUnauthorizedUrl("/manage/forbid");Map<String, String> filterMap = new LinkedHashMap<>();// 静态资源放行filterMap.put("/scripts/**", "anon");filterMap.put("/plugins/**", "anon");filterMap.put("/images/**", "anon");filterMap.put("/styles/**", "anon");filterMap.put("/fonts/**", "anon");//验证码// 登录,注册,登出filterMap.put("/manage/login**", "anon");//这里注意logout的写法filterMap.put("/manage/logout**", "logout");filterMap.put("/manage/**", "authc,perms");filterMap.put("/**", "user");factoryBean.setFilterChainDefinitionMap(filterMap);Map<String, Filter> filtersMap = new LinkedHashMap<>(1);//添加过滤器filtersMap.put("logout", new DefaultLogoutFilter());factoryBean.setFilters(filtersMap);return factoryBean;}}
退出的controller写法
/*** @Desc 用户登录* @author chen.kai*/
@Controller
@RequestMapping("/manage")
public class UserLoginController {//没错,这里就这一行代码,至于推出清空session的操作,已经在过滤器里面做了@RequestMapping(value = "/logout", method = RequestMethod.GET)@OperationLogs(businessType = BusinessType.LOGOUT, businessName = "退出登录")public String logout() {return "redirect:/manage/login";}}